Terms of Service

By accessing or using BlackVault ("the Service"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service. BlackVault is operated by its creator ("we", "us", "our").

BlackVault is an API key management platform that provides encrypted storage for third-party API keys, a proxy gateway for routing API requests, session management, cost tracking, and related tools. The Service is currently in beta and available free of charge.

The Service is provided as a beta release. Features, availability, and pricing may change at any time. We do not guarantee uptime, data retention, or uninterrupted service during the beta period. We will make reasonable efforts to notify users of material changes.

You must create an account to use the Service. You are responsible for maintaining the security of your account credentials. You must not share your account or proxy tokens with unauthorized parties. You are responsible for all activity under your account.

You may store third-party API keys in the encrypted vault. You represent that you have the right to use these API keys and that storing them in BlackVault does not violate any agreement with the key provider. Proxy tokens (bvt_ tokens) are shown once at creation and cannot be retrieved afterward. You are responsible for storing them securely.

You agree not to:

• Use the Service for any illegal purpose
• Attempt to reverse-engineer, decompile, or extract encryption keys from the Service
• Abuse the proxy gateway to circumvent rate limits or terms of third-party API providers
• Share proxy tokens publicly or embed them in client-side code
• Use the Service to store credentials other than API keys (passwords, SSH keys, etc.)
• Attempt to access other users' data or interfere with the Service's operation

API keys are encrypted using AES-256-GCM with per-user derived keys via HKDF. We do not have the ability to read your plaintext API keys at rest. Proxy requests are decrypted in-memory solely for the purpose of forwarding to the upstream provider and are not logged in plaintext. See our Privacy Policy for full details on data handling.

We aim to maintain high availability but do not guarantee uptime. The Service may be temporarily unavailable for maintenance, updates, or due to factors beyond our control. We are not liable for any losses resulting from Service unavailability, including failed proxy requests.

THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES. OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE 12 MONTHS PRECEDING THE CLAIM (WHICH DURING BETA IS $0).

BlackVault integrates with third-party services (OpenAI, Anthropic, Google AI, etc.). We are not responsible for the availability, accuracy, or policies of these providers. Your use of third-party APIs through our proxy is subject to those providers' own terms of service.

You may delete your account at any time. We may suspend or terminate your access if you violate these terms. Upon termination, your encrypted keys and session data will be permanently deleted.

We may update these terms from time to time. Continued use of the Service after changes constitutes acceptance. We will make reasonable efforts to notify users of material changes via the Service or email.

For questions about these terms, contact us via GitHub at github.com/venkat22022202/black-vault.